MySQL

I want to make an app that retrieves, adds and edits data on MySQL. I want to know what programming languages I will have to learn other than Lua… and will I have to host a web server for money while I script, or is there a free way to do it just for testing purposes, not for a release yet?

Also if there is an already made script that I can use rather than doing it myself that would be great.

If you’re on a Mac, you can set up a MAMP server running in the background (Mac, Apache, MySQL, PHP) and build and test your code locally before going to a web hosting service. Google MAMP to learn more. If you are running Windows, there are also WAMP servers that let you do the same thing on Windows machines. Web hosting is pretty cheap.

Now on to scripting. You want to write specific APIs that will work with the database in such a way that someone who finds your script can’t easily hack your database. In other words, you should never allow a query to come from a user. You let the user pass key/value pairs to you, then your script writes the query for what you want to do. All input needs to be scrubbed to prevent SQL from being executed.

You might want to have endpoints like:

https://yoursite.com/adduser.php?firstName=Bill&lastName=Gates

https://yoursite.com/removeuser.php?id=4

When picking a webhost, see if they support “LetsEncrypt”, a free way to get https: web servers up and running. This will be mandatory by Apple by the end of the year.

Rob

Okay, so I installed WAMP and now the localhost is up and running. I still haven’t figured out a way to set a domain name, but that will happen gradually.

I want to know if I can have a connection between my Corona project and the localhost, or does it have to be a domain name?

And after having the connection, what should I do next…

Corona can talk to “localhost”. You don’t need a domain name for talking to the local machine. Just remember to change any references from localhost to the domain name once you start talking with your server.

Rob

I’ve been able to make the connection between the PHP and Corona thanks to your help.

Also, I am working on the PHP script, but there are 2 problems:

1- How to ensure security so that nobody could make any change to the database

2- How to return a certain value to send to Corona.

Here is the script so far:

```php
<html>
<body>
<?php
// Local test credentials (WAMP defaults).
$username = "root";
$password = "";
$hostname = "localhost";

// Search term passed by the client as ?familyNameQuery=...
$familyNameQuery = $_GET['familyNameQuery'] ?? '';

$dbhandle = mysqli_connect($hostname, $username, $password)
    or die("Unable to connect to MySQL");
echo "Connected to MySQL<br>";

$selected = mysqli_select_db($dbhandle, "regionfamilies")
    or die("Could not select regionfamilies");
echo "Connected to regionfamilies<br>", "<br>";

// Escape the value before placing it inside the quoted SQL string.
$familyNameQuery = mysqli_real_escape_string($dbhandle, $familyNameQuery);

$result = mysqli_query($dbhandle, "SELECT familyName, familyMembers, membersInfo, lastVisit FROM familiesTable WHERE familyName='$familyNameQuery'")
    or die("Could not find " . htmlspecialchars($familyNameQuery));
echo "Query Loading results...", "Query results loaded! " . mysqli_num_rows($result) . " rows<br>";

// Array offsets use [] (the {} form no longer works in PHP 8).
// Database values are HTML-encoded before being written into the page.
while ($row = mysqli_fetch_array($result)) {
    echo "<b>familyName: </b>" . htmlspecialchars((string) $row['familyName'])
        . " <b>familyMembers: </b>" . htmlspecialchars((string) $row['familyMembers'])
        . " <b>membersInfo: </b>" . htmlspecialchars((string) $row['membersInfo'])
        . " <b>lastVisit: </b>" . htmlspecialchars((string) $row['lastVisit'])
        . " <b>Done</b><br>";
}

mysqli_close($dbhandle);
?>
</body>
</html>
```

When you go to production:

  1. Make sure that the MySQL port is blocked via the firewall (typically 3306) and only accessible via localhost on your server.

  2. Make sure you have a password on the database.

  3. Provide different usernames for the database. For instance, one can only have SELECT privs. One that has full privs that you would use with PHP_MySQL or Adminer. You can have an update account that will do INSERT, REPLACE and UPDATES (and SELECTS) but can’t create tables, drop databases, etc.

  4. Lock down PHP_MySQL or Adminer with an .htaccess username/password

  5. Always escape any user input.

  6. Make sure the PHP scripts that have passwords are only readable by the web server’s User/Group or the root User/Group.

  7. Use strong passwords.

  8. Use https: when communicating with your scripts

  9. Set up some authentication for the scripts

That’s a good starter list…
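
An added example, not part of any post in this thread: a lookup endpoint built the way the replies above describe. The client passes only a key/value pair, the script owns the query and binds the value as a parameter, it connects with a SELECT-only account instead of root, and it returns JSON that the app can parse. The `families_ro` account, the `FAMILIES_RO_PASSWORD` environment variable and the response shape are assumptions for illustration; the database, table and column names come from the script posted above.

```php
<?php
// Added example, not the poster's script. Assumed (hypothetical) names: the
// 'families_ro' account, the FAMILIES_RO_PASSWORD environment variable, and
// the JSON response shape. Table and column names are taken from the thread.
declare(strict_types=1);

header('Content-Type: application/json; charset=utf-8');

// Send a JSON body with an HTTP status code and stop.
function respond(int $status, array $body): void
{
    http_response_code($status);
    echo json_encode($body);
    exit;
}

// Validate the one key this endpoint accepts; the client never supplies SQL.
$familyName = $_GET['familyNameQuery'] ?? '';
if (!is_string($familyName) || $familyName === '' || strlen($familyName) > 64) {
    respond(400, ['error' => 'familyNameQuery is required (max 64 bytes)']);
}

// Make mysqli throw exceptions so errors are handled in one place.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    // Connect as an account that only has SELECT on this database, not root.
    $db = new mysqli('localhost', 'families_ro',
                     (string) getenv('FAMILIES_RO_PASSWORD'), 'regionfamilies');
    $db->set_charset('utf8mb4');

    // The value is bound as a parameter, so it is never parsed as SQL.
    $stmt = $db->prepare(
        'SELECT familyName, familyMembers, membersInfo, lastVisit
           FROM familiesTable WHERE familyName = ?'
    );
    $stmt->bind_param('s', $familyName);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);

    respond(200, ['count' => count($rows), 'families' => $rows]);
} catch (mysqli_sql_exception $e) {
    // Log details on the server; do not send database errors to the client.
    error_log($e->getMessage());
    respond(500, ['error' => 'database error']);
}
```

`get_result()` requires the mysqlnd driver, which current WAMP and MAMP builds ship by default.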
